Cyber Security Headlines - Episode Summary Hosted by CISO Series | Release Date: February 21, 2025
The latest episode of Cyber Security Headlines from CISO Series covers the week's notable incidents and developments in information security. Hosted by Steve Prentice, the episode leads with three stories: the NioCorp business email compromise (BEC) scam, a cyber incident at Australian IVF provider Genea, and the Securities and Exchange Commission's (SEC) restructuring of its cyber unit. It also touches on a North Korea-linked campaign targeting freelance developers, ransomware attacks on European healthcare entities, Microsoft's ongoing fix for a Windows 11 SSH bug, a security breach at Insight Partners, and Amazon's discontinuation of its Android app store and the Amazon Coins program.
1. NioCorp's $500,000 BEC Scam
Minerals company NioCorp Developments, which is developing a niobium, scandium and titanium project in southeastern Nebraska, reported a significant breach on February 14th.
Key Points:
- Incident Details: Threat actors gained access to NioCorp's information systems, including its email, and used that access to carry out a BEC scam that diverted about $500,000 intended for a vendor.
- Response Measures: NioCorp has notified regulators and is working to remediate the incident and to determine whether there is any additional damage.
Notable Quote:
“The company is taking steps to remediate the incident, of course, and to search for any additional damage.” (00:06)
2. Australian IVF Provider Genea Investigates Cyber Incident
Fertility services provider Genea, operating multiple IVF clinics across Australia, faced an unauthorized access incident.
Key Points:
- Access and Impact: An unidentified third party accessed Genea's systems. While the nature of the attack remains unclear, the company is investigating potential personal information compromise.
- Immediate Actions: Genea has taken precautionary measures by taking certain systems and servers offline and is working on restoring them. Additionally, the company's app for tracking fertility cycles and accessing medical data was rendered unavailable post-incident.
Notable Quote:
“Genea... said it had taken some systems and servers offline as a precaution and was working to restore them while the investigation continued.” (00:06)
3. SEC Reorganizes Cyber Unit into Emerging Technologies Team
The Securities and Exchange Commission (SEC) announced a restructuring of its Crypto Assets and Cyber Unit, replacing it with a new team whose remit centers on cyber-enabled and emerging-technology fraud.
Key Points:
- New Unit Formation: The SEC is replacing its crypto-fraud unit with the Cyber and Emerging Technologies Unit (CETU).
- Scope of Work: CETU will tackle cyber-related misconduct affecting investors, including fraud facilitated through artificial intelligence, social media, the dark web, blockchain technology, hacking, and account takeovers.
Notable Quote:
“This new team, the Cyber and Emerging Technologies unit (CETU), will combat fraud committed through means such as artificial intelligence, social media, the dark web, blockchain technology, hacking and account takeovers.” (00:06)
4. Emerging Threats Targeting Freelance Developers
Cyber attackers have been targeting freelance developers through deceptive job advertisements designed to distribute malicious software.
Key Points:
- Attack Vector: Utilization of GitHub repositories where attackers pose as reputable companies offering enticing gigs, leading victims to download malware disguised as legitimate tools.
- Attribution: ESET attributes the campaign to a North Korea-aligned threat actor it tracks as DeceptiveDevelopment.
Notable Quote:
“This most recent one targets freelance developers using deceptive job ads to get victims to download malicious software disguised as legitimate tools.” (01:30)
5. NailaoLocker Ransomware Targets European Healthcare
Researchers at Orange Cyberdefense uncovered a ransomware campaign targeting European healthcare organizations.
Key Points:
- Ransomware Details: The campaign deploys the ShadowPad and PlugX backdoors along with the previously undocumented NailaoLocker ransomware.
- Attack Techniques: The researchers believe initial access came through a zero-day in Check Point Security Gateways with the Remote Access VPN or Mobile Access features enabled. The tradecraft, including DLL sideloading, matches that of China-linked intrusion sets, which points toward a China-aligned Advanced Persistent Threat (APT), although the evidence remains inconclusive.
Notable Quote:
“The researchers believe this campaign makes use of a zero-day in Check Point security gateways with a remote access VPN or mobile access feature.” (02:15)
6. Microsoft Addresses Windows 11 SSH Connections Bug
Following reports that first surfaced in November, Microsoft is testing a fix for a persistent bug that breaks SSH connections on some Windows 11 systems.
Key Points:
- Affected Systems: Windows 11 24H2 and 23H2, particularly Enterprise, IoT and Education editions. Microsoft is also investigating whether Windows 11 Home and Pro editions are affected.
- Solution Development: The fix is in testing and has been included in Windows 11 build 26100, which is available on the Release Preview channel.
Notable Quote:
“Microsoft is now testing a fix for an issue that has been around since November, which is breaking SSH connections on some Windows 11 24H2 and 23H2 systems.” (03:05)
7. Insight Partners' Security Breach Disclosure
Insight Partners, a venture capital firm in the tech sector, disclosed a recent security breach.
Key Points:
- Breach Details: The intrusion was detected on January 16th; the threat actors used social engineering to gain access to the firm's information systems.
- Impact Assessment: The attacker was removed the same day. Insight Partners does not expect operational disruption or any significant impact on its portfolio companies, funds or stakeholders.
Notable Quote:
“They believe the attacker was ejected that same day. They also added that the incident did not impact its operations, with no evidence of the threat actor's presence after January 16th.” (04:20)
8. Amazon Discontinues Android App Store and Amazon Coins
Amazon announced that it is discontinuing its App Store for Android and the Amazon Coins program.
Key Points:
- Effective Date: Both services will be discontinued on August 20th of this year.
- User Impact: Amazon will refund any unused Coins held by users. The company cited the App Store's limited use outside Amazon devices as a driving factor behind the decision.
Notable Quote:
“The company says it will discontinue its App Store For Android on August 20th of this year, and on the same day it will also be discontinuing the Amazon Coins program.” (05:10)
Upcoming Events
Steve Prentice highlighted a busy schedule of live streams for the day:
- Super Cyber Friday: Starting at 1 PM, focusing on "Hacking Metrics that Matter"—an hour dedicated to critical thinking about effective security measurements.
- Week in Review Show: At 3:30 PM Eastern, featuring guest TC Niedzialkowski, who will provide commentary on the week's news.
Listeners are encouraged to visit the events page to join these sessions.
Notable Quote:
“To join us for both, head on over to the events page at cisoseries.com. I'm Steve Prentice reporting for the CISO Series.” (05:50)
Conclusion
This episode of Cyber Security Headlines underscores the evolving nature of cyber threats and the measures organizations are taking in response. From financial fraud and data breaches to structural changes within regulatory bodies, the information security landscape remains dynamic and challenging. Stay informed by following the latest updates and best practices in cybersecurity.
For more detailed stories behind these headlines, visit cisoseries.com.
